Chaos monkey for docker

I work at a mostly AWS shop, and while we still have services on raw EC2, nearly all of our new development is on Amazon ECS in docker. I like docker because it provides a unified unit of operation (a container) that makes it easy to build shared tooling regardless of language/application. It also lets you reproduce your applications local in the same environment they run remote, as well as starting fast and deploying fast.

However, many services run on a shared ECS node in a cluster, and so while things like Chaos Monkey may run around turning nodes off it’d be nice to have a little less of an impact during working hours while still being able to stress recovery and our alerting.

This is actually pretty easy though with a little docker container we call The Beast. All the beast does is run on a ECS Scheduled event every 15-30 minutes from 10am – 3pm PST (we have teams east and west coasts) and the beast kills a random container from whatever cluster node its on. It doesn’t do a lot of damage, but it does test your fault tolerance.

Here’s The Beast:

#!/usr/bin/env ruby

require 'json'
require 'pp'

class Hash
  def extract_subhash(*extract)
    h2 ={|key, value| extract.include?(key) }
    self.delete_if {|key, value| extract.include?(key) }


ignore_image_regex = ENV["IGNORED_REGEX"]

raw = "[#{`docker ps --format '{{json .}}'`.lines.join(',')}]"

running_services = JSON.parse(raw).map { |val| val.extract_subhash("ID", "Image")}

puts running_services

puts "Ignoring regex #{ignore_image_regex}"

if ignore_image_regex && ignore_image_regex.length > 0
  running_services.delete_if {|value|
    /#{ignore_image_regex}/ === value["Image"]

if !running_services || running_services.length == 0
  puts "No services to kill"


puts "Bag of services to kill: "

to_kill = running_services.sample

puts "Killing #{pp to_kill}"

`docker kill #{to_kill["ID"]}`

prng =

quips = [
    "Dont fear the reaper",
    "You been rubby'd",
    "Pager doody"

puts "#{quips[prng.rand(0..quips.length-1)]}"

Beast supports a regex of ignored images (so critical images like the ecs_agent and itself) can be marked as ignore. This can also be used to update the beast to allow it to ignore services temporarily/etc.

We deploy The Beast with terraform, the general task definition looks like:

    "name": "the-beast",
    "image": "${image}:${version}",
    "cpu": 10,
    "memory": 50,
    "essential": true,
    "logConfiguration": {
        "logDriver": "awslogs",
        "options": {
          "awslogs-group": "${log_group}",
          "awslogs-region": "${region}",
          "awslogs-stream-prefix": "the-beast"
    "environment": [
          "name": "IGNORED_REGEX", "value": ".*ecs_agent.*|.*the-beast.*"
    "mountPoints": [
        { "sourceVolume": "docker-socket", "containerPath": "/var/run/docker.sock", "readOnly": true }

And the terraform:

resource "aws_ecs_task_definition" "beast_rule" {
  family = "beast-service"
  container_definitions = "${data.template_file.task_definition.rendered}"

  volume {
    name = "docker-socket"
    host_path = "/var/run/docker.sock"

data "template_file" "task_definition" {
  template = "${file("${path.module}/files/task-definition.tpl")}"

  vars {
    version = "${var.beast-service["version"]}"
    region = "${var.region}"
    image = "${data.terraform_remote_state.remote_env_state.docker_namespace}/the-beast"
    log_group = "${var.log-group}"

resource "aws_cloudwatch_event_target" "beast_scheduled_job_target" {
  target_id = "${}"
  rule = "${}"
  arn = "${}"
  role_arn = "${data.aws_iam_role.ecs_service_role.arn}"
  ecs_target {
    task_count = 1
    task_definition_arn = "${aws_ecs_task_definition.beast_rule.arn}"

resource "aws_cloudwatch_event_rule" "beast_scheduled_job" {
  name = "${}"
  description = "Beast kills a container every 30 minutes from 10AM to 3PM PST Mon-Thu"
  schedule_expression = "cron(0/30 18-23 ? * MON-THU *)"
  is_enabled = false

resource "aws_cloudwatch_log_group" "beast_log_group" {
  name = "${var.log-group}"

We can log to cloudwatch and correlate back information if a service was killed by the best as well. It’s important to note that you need to mount the docker socket for beast to work, since it needs docker to run. A sample dockerfile looks like:

FROM ubuntu:xenial

RUN apt-get update && apt-get install -y ruby-full build-essential

RUN gem install json

ADD beast.rb /app/beast.rb

RUN chmod +x /app/beast.rb

ENTRYPOINT "/app/beast.rb"

It’s bare bones, but it works, and the stupid quips at the end always make me chuckle.

Leave a Reply

Your email address will not be published. Required fields are marked *